SuperContainer Security & IIS

Recommended Posts

I've recently installed SuperContainer on my FileMaker Server and got it up and running perfectly. The only problem is that you can access the files if you manually type the URL into the web browser address bar. I know I could set a username and password for SuperContainer to stop people from doing this but I'd rather not as SuperContainer is being used across various databases.

Is there a way of making sure people can solely access their files via the database? My server is running Windows 7 Professional with IIS 7.5.

Any help is much appreciated!

Stuart

By the way I'm running SuperContainer through SSL.

Share this post

Link to post

Share on other sites

The best way to prevent this is obfuscation of SuperContainer URLs/folder paths... as "http://yourserver/SuperContainer/Files/ClientName/DocumentName" is much easier to figure out than, "http://yourserver/SuperContainer/Files/y347adfaj8w4jafa/32".

Is there a way of making sure people can solely access their files via the database? My server is running Windows 7 Professional with IIS 7.5.

Unfortunately, there's really not a way to force someone to access SC URLs from the database only... which is akin to forcing someone to access 360Works' homepage by first searching on Google. If the URL is known, they can surely access it as it's publicly accessible.

Our SuperContainer Product Support wiki page goes into a bit more detail on several security concepts that could be employed within your solution, that I highly recommend you take a quick peek at.

I hope this helps,

Share this post

Link to post

Share on other sites

Thanks a lot for the link, really helpful stuff. Am I right in saying that I will be able to embed the SuperContainer password and username into the Web Viewer calculation? So that users accessing the files via the database will not have to enter the username and password credentials, BUT people trying to access the files by typing in the URL will be asked for a username and password?

Share this post

Link to post

Share on other sites

Am I right in saying that I will be able to embed the SuperContainer password and username into the Web Viewer calculation? So that users accessing the files via the database will not have to enter the username and password credentials, BUT people trying to access the files by typing in the URL will be asked for a username and password?